lumma | f5913e753281dbdf88f36c73d13afbf4af62046e25f8e148e87a80e88818c4d7

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 20:55

Target

tmp.exe
Size

308KB
MD5

c60f5fa3a579bca2c8c377f7e15b2221
SHA1

d44b5c6dd64284f00d6f9d05cf5327a91cad9339
SHA256

f5913e753281dbdf88f36c73d13afbf4af62046e25f8e148e87a80e88818c4d7
SHA512

f419adf4bd07ce18d9b7de7445b2d0185653de27738fd4403f880ee11bf49ca8a1958c1b2c94f8f4c5da52ebc79462cfb6fe71849439f6af017a95b44af2f77b
SSDEEP

6144:DVa+NrJiVBc2wc6oKXwdUWFQg1SGWEWAMiY7ivtaqgntTZXHAYq7:J1NrJaBcOOiHWEWAMFKtdstTfq

Score

10^/10

lumma stealer

Family

lumma

https://bordersoarmanusjuw.shop/api

https://entitlementappwo.shop/api

https://economicscreateojsu.shop/api

https://pushjellysingeywus.shop/api

https://absentconvicsjawun.shop/api

https://suitcaseacanehalk.shop/api

https://mealplayerpreceodsju.shop/api

https://wifeplasterbakewis.shop/api

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2888 set thread context of 1716	2888	tmp.exe	87

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 1428	2888	tmp.exe	86
PID 2888 wrote to memory of 1428	2888	tmp.exe	86
PID 2888 wrote to memory of 1428	2888	tmp.exe	86
PID 2888 wrote to memory of 1716	2888	tmp.exe	87
PID 2888 wrote to memory of 1716	2888	tmp.exe	87
PID 2888 wrote to memory of 1716	2888	tmp.exe	87
PID 2888 wrote to memory of 1716	2888	tmp.exe	87
PID 2888 wrote to memory of 1716	2888	tmp.exe	87
PID 2888 wrote to memory of 1716	2888	tmp.exe	87
PID 2888 wrote to memory of 1716	2888	tmp.exe	87
PID 2888 wrote to memory of 1716	2888	tmp.exe	87
PID 2888 wrote to memory of 1716	2888	tmp.exe	87

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2888
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:1428
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:1716

memory/1716-4-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1716-8-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/1716-11-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/2888-0-0x0000000000ED0000-0x0000000000F24000-memory.dmp

Filesize
336KB

Download
memory/2888-1-0x0000000074990000-0x0000000075140000-memory.dmp

Filesize
7.7MB

Download
memory/2888-9-0x0000000074990000-0x0000000075140000-memory.dmp

Filesize
7.7MB

Download
memory/2888-10-0x0000000003370000-0x0000000005370000-memory.dmp

Filesize
32.0MB

Download
memory/2888-12-0x0000000003370000-0x0000000005370000-memory.dmp

Filesize
32.0MB

Download